1 / 19

Linux: A Wireless Solution

Linux: A Wireless Solution. Josh Joiner. Agenda. Introduction Minimum Hardware Basic Components Steps on setting up a wireless network Security Concerns and Conclusion. Introduction. What is a wireless network Wireless LANs range of coverage

bond
Download Presentation

Linux: A Wireless Solution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Linux: A Wireless Solution Josh Joiner

  2. Agenda • Introduction • Minimum Hardware • Basic Components • Steps on setting up a wireless network • Security Concerns and Conclusion

  3. Introduction • What is a wireless network • Wireless LANs range of coverage • We are setting up a 802.11b (also known as Wi-Fi) implementation of a wlan. There are other implementation that can be found at http://ieee802.org/11/ • More info on wireless can be found at: • http://www.nsrc.org/wireless.html • http://www.webopedia.com/TERM/W/Wi_Fi.html

  4. Minimum Hardware Needed • desktop or laptop(>=386) - ap • Desktop or laptop - client • Two or more 802.11b wireless cards (I use Lucent's Wavelan card) • ISA-to-PCMCIA or PCI-to-PCMCIA adapter • Hardware to set up the link from the gateway to the Internet. • A Unix-like operating system.

  5. Basic Components of a Wireless Network • Wired Network • Gateway or Acess Point • Client(s)

  6. Example Wireless Layout

  7. How To: • Step1: Install the PCI/ISA-to-PCMCIA adapter in the gateway • Step2: Install Unix Like OS on the Gateway (desktop/laptop). I used Red Hat 7.0. • Firewall software • DHCP server • SSH server • Step 3: configure the wireless information in /etc/pcmcia/wireless.opts (see next slide for example)

  8. My /etc/pcmcia/wireless.opts file: case "$ADDRESS" in *,*,*,*) INFO="LinuxAirport" ESSID=“name-of-network" MODE=“managed“ ##(there is several modes here) RATE="auto" KEY=“xxxxxxxxxxxxx" # KEY="s:securityisfun" # s: followed by thirteen chars, for 128-bit WEP # e.g. Lucent Gold ;; esac

  9. How to (cont) • Step 4: Assign a wireless subnet under /etc/pcmcia/network.opts (see my next slide example) • Step 5: Setup the external (dsl/lan) network. • Step 6: Setup the firewall software in /etc/rc.d/rc.firewall (I used ipchains, see next slide for example)

  10. /etc/pcmcia/network.opts case "$ADDRESS" in *,*,*,*) INFO="Sample private network setup" # Transceiver selection, for some cards -- see 'man ifport' IF_PORT="" # Use BOOTP (via /sbin/bootpc, or /sbin/pump)? [y/n] BOOTP="n" # Use DHCP (via /sbin/dhcpcd, /sbin/dhclient, or /sbin/pump)? [y/n] DHCP=“Y" # If you need to explicitly specify a hostname for DHCP requests DHCP_HOSTNAME="" # Host's IP address, netmask, network address, broadcast address IPADDR="192.168.1.1" NETMASK="255.255.255.0" NETWORK="192.168.1.0" BROADCAST="192.168.1.255"

  11. /etc/pcmcia/network.opts # Gateway address for static routing GATEWAY="10.64.48.1" # Things to add to /etc/resolv.conf for this interface DOMAIN="" SEARCH="" DNS_1="" DNS_2="" DNS_3="" # Extra stuff to do after setting up the interface start_fn () { return; } # Extra stuff to do before shutting down the interface stop_fn () { return; } # Card eject policy options NO_CHECK=n NO_FUSER=n ;; esac

  12. /etc/rc.d/rc.firewall #!/bin/sh # # rc.firewall-2.2 FWVER="1.01" echo -e "\n\nLoading simple rc.firewall version $FWVER..\n" #Setting the EXTERNAL and INTERNAL interfaces for the network EXTIF="eth0" INTIF="eth1" echo " External Interface: $EXTIF" echo " Internal Interface: $INTIF" # Network Address of the Internal Network # INTLAN="192.168.1.0/24" echo -e " Internal Interface: $INTLAN\n" # Load all required IP MASQ modules echo " loading required IPMASQ kernel modules.." # Needed to initially load modules # /sbin/depmod -a echo -en " Loading modules: " echo ". Done loading modules."

  13. #CRITICAL: Enable IP forwarding since it is disabled by default since # Redhat Users: you may try changing the options in /etc/sysconfig/network from: # FORWARD_IPV4=false to FORWARD_IPV4=true echo " enabling forwarding.." echo "1" > /proc/sys/net/ipv4/ip_forward #CRITICAL: Enable automatic IP defragmenting since it is disabled by default echo " enabling AlwaysDefrag.." echo "1" > /proc/sys/net/ipv4/ip_always_defrag echo " clearing any existing rules and setting default policy.." /sbin/ipchains -P input ACCEPT /sbin/ipchains -P output ACCEPT /sbin/ipchains -P forward REJECT /sbin/ipchains -F input /sbin/ipchains -F output /sbin/ipchains -F forward # MASQ timeouts # # 2 hrs timeout for TCP session timeouts # 10 sec timeout for traffic after the TCP/IP "FIN" packet is received # 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users) # echo " setting default timers.." /sbin/ipchains -M -S 7200 10 160

  14. # DHCP: For people who receive their external IP address from either DHCP or # BOOTP such as ADSL or Cablemodem users, it is necessary to use the # following before the deny command. # # This example is currently commented out. # # /sbin/ipchains -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp # Enable simple IP forwarding and Masquerading # echo " enabling IPMASQ functionality on $EXTIF" /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -i $EXTIF -s $INTLAN -j MASQ echo -e "\nrc.firewall v$FWVER done.\n"

  15. How To (cont): • Step 7: Setup DHCPD (see sample config) • Step 8: Now you are ready to configure the clients.

  16. /etc/dhcpd.conf subnet 192.168.1.0 netmask 255.255.255.0 { # --- default gateway option routers 192.168.1.1; option subnet-mask 255.255.255.0; option domain-name “domainname.com"; # replace this w ith the domain name of your internal net, if any option domain-name-servers 10.64.48.5; # replace this w ith the IP of your Domain Name Server range dynamic-bootp 192.168.1.128 192.168.1.255; default-lease-time 21600; # 6 hrs max-lease-time 43200; # 12 hrs } subnet 10.64.48.0 netmask 255.255.252.0 { not authoritative; }

  17. Security Concerns and Conclusion • You can enable WEP (Wired Equivalent Privacy ) but it is not very secure. • There are other solutions for Wireless Encryption: • EAPTLS (Extensible Authentication Protocol Transport Level Security) • TKIP(Temporal Key Integrity Protocol ) • One of the better ways to implement security on a wireless network is to setup a VPN for secure access. The same client can often tunnel IPsec over wireless to a VPN gateway located between the access point and the rest of the corporate network.

  18. Questions?

  19. Sites of Reference • http://www.oreillynet.com/pub/a/wireless/2001/03/06/recipe.html • http://www.live.com/wireless/unix-base-station.html

More Related